Difference between revisions of "Xuite"

Latest revision as of 06:11, 31 August 2023

Xuite 隨意窩


URL	https://xuite.net/
Status	Offline
Archiving status	Partially saved
Archiving type	DPoS, ArchiveBot
Project source	xuite-grab
Project tracker	xuite
IRC channel	#sweet (on hackint)
Data^{[how to use]}	archiveteam_xuite `job:6k8qmfml9yo2590nr8cjkphk8` `job:1qe187vjxxw086byi1t1plpwx` `job:bk2btiyuvyckixj2v0nbafjxa` `job:dc1js68hzea2h40oh8qmotl99` `job:egesk0ttaj87q37lbue82gl8j`

Xuite (pronounced "sweet") is a Taiwanese blog website and social networking service operated by Chunghwa Telecom, founded in 2005.

Xuite offers blog, photo album, and vlog services until the website shutdown on 2023-08-31. All servers of Xuite stop working at 14:00 (UTC+8).

Shutdown

Announcement:

Xuite隨意窩平台服務終止公告

感謝您長期以來對Xuite隨意窩服務的支持，「Xuite 隨意窩」是許多人曾經的青春日記，也是現在進行式的樂活人生筆記。惟考量現今社群使用習慣改變，為使資源做更有效運用，Xuite隨意窩將於112年8月31日終止服務，並刪除網站全部資料。自112年4月6日起，我們提供所有 Xuiter（會員）後續處理服務，請注意以下關站時程，建議您盡早進行資料備份下載與部落格搬家等相關作業。

Closing schedule

Phase 1: April 6th 10:00 UTC+8 ~ May 1st 10:00 UTC+8, 2023

The website functions normally.
Data backup and download functions are provided for the members.

Phase 2: May 1st 10:00 UTC+8 ~ August 31st 14:00 UTC+8, 2023

Stop the opening of new member registration.
The website enters read-only mode, and the management console will be closed.
Members can browse the public webpage normally but cannot enter the management console to add, modify or delete the contents.
Only data backup and download functions are provided.
Force close several types of blog sidebars to protect the website content from crawlers ^[1].

Phase 3: August 31st 14:00 UTC+8, 2023

The website is closed and cannot be accessed.
Members cannot backup or restore their data. All data will be deleted.

Domains

The following domains are currently functional:

xuite.tw
xuite.net
api.xuite.net (certificate was expired since 2023-05-19)
avatar.xuite.net
blog.xuite.net
events.xuite.net
img.xuite.net
m.xuite.net
wms.map.xuite.net
my.xuite.net
pic.xuite.net
photo.xuite.net
qa.xuite.net
s.blog.xuite.net
s.photo.xuite.net
town.xuite.net
vlog.xuite.net
*.xuite.com (alias of *.xuite.net)

The following domains host user-generated contents:

[0-9a-f].blog.xuite.net
[0-9a-f].mms.blog.xuite.net (suffering from invalid certificate common name)
[0-9a-f].photo.xuite.net (suffering from invalid certificate common name)
o.[0-9a-f].photo.xuite.net
[0-9a-f].share.photo.xuite.net
[0-9a-f].mms.vlog.xuite.net

The following domains redirect the pages elsewhere:

event.xuite.net
roomi.xuite.net
vip.xuite.net

The following domain always returns HTTP 404:

vote.xuite.net

The following domain was down, and the redirection should be handled specially:

redir.xuite.net

Site structure

Assuming all the numeric IDs are incrementing, there are about 51M accounts, 6.1M blogs, 591M blog articles, 20.6M albums, 1262M photos, and 33.2M videos or audios on Xuite in the end.

User

Each member has a user_id in the regex form of [A-Za-z0-9._]{1,20} and one or more numeric serial numbers (sn). Multiple serial numbers may correspond to the same user_id, possibly due to account merger or user_id takeover.

It seems that newly registered Chunghwa Telecom member will be automatically assigned a Xuite account chttw_[0-9]{10}, so the serial number keeps growing after the read-only phase.

The currently known user serial number ranges are 10000054~30399438, 231366307~261267271, 280000170~281076360.

User homepage: https://m.xuite.net/home/xuite.net
User avatar: https://avatar.xuite.net/12084878/s https://avatar.xuite.net/12084878
User profile: https://blog.xuite.net/_theme/snapshot/snapshot_avatar.php?mid=10000728

The user profile service My窩^[2] has been terminated since 2021 ^[3]. Right now it is not possible to access the user friend list through the webpage without using the API.

Blog

A member can have multiple blogs. Each blog has a custom alphanumeric blogUrl / blog_name and a globally unique incremental numeric blog_id. blogUrl was editable after blog creation, before read-only phase. Malicious blog owners were able to bypass front-end JavaScript checks and submit malformed blogUrls, making their blogs inaccessible.

Each article has a globally unique incremental numeric article_id, not exceeding 590788564.

Blog service homepage:
- https://m.xuite.net/blog
- https://blog.xuite.net/index_next.php
Article search:
- https://xuite.net/search_index.php?query=diary&type=haarticle&range=all
User blog list: https://m.xuite.net/blog/xuite.net
- Blog: https://blog.xuite.net/xuite.net/xuite https://m.xuite.net/blog/xuite.net/xuite
  - Article: https://blog.xuite.net/xuite.net/xuite/590728046 https://m.xuite.net/blog/xuite.net/xuite/590728046 ^[4]

Photo

Each album has a globally unique incremental numeric album_id.

Each photo has a numeric position number (serial) in the album and a globally unique incremental numeric photo_id.

Vlog

Each video or audio has a globally unique incremental numeric MEDIA_ID (not exceeding 33178667), and a FILE_NAME in the regex form of (?:[A-Za-z0-9]{31}|[A-Za-z0-9]{6})-MEDIA_ID\.flv in Base64 encoding forms the video URL.

Members can create directories to categorize media they uploaded, and each media cannot belong to more than one directory ^[5]. Each directory has a globally unique incremental numeric dir_id.

Members can create playlists to categorize any media on Xuite since 2015 ^[6]. Each playlist has a globally unique incremental numeric plid.

Flash-based creations

Members used to be able to embed Flash gadgets in blog sidebars or articles. Although these gadgets are deprecated ^[7]^[8], the configuration XML files, images and audios shown in FlashVars are archivable.

If http://c.blog.xuite.net/cf/7b/11732000/blog_698/mtv/4711036/flash_config.xml (occasionally) redirects to the forbidden page https://my.xuite.net/error.php?ecode=403, there is an alternative URL https://blog.xuite.net/_users/cf/7b/11732000/blog_698/mtv/4711036/flash_config.xml .

In articles

In blog sidebars

URL shortener

Web page visitors can use the URL shortener by clicking the "短網址" button in the upper right corner of the website toolbar ^[9].

Others

Other subdomains consists mostly of static content, which has been partially saved by Wayback Machine:

https://events.xuite.net/ (some files are corrupted since 2014)
https://wms.map.xuite.net/poi/MapExp.php?area=2
https://photo.xuite.net/_/2006
https://photo.xuite.net/_/2018?081
https://town.xuite.net/

API

Xuite Photo Feed API

The following method returns a JSON-encoded album list of up to 15 albums for the user ^[10].

https://photo.xuite.net/_feed/album?user_id=xuite.net

The following method returns a JSON-encoded photo list of the album ^[11].

https://photo.xuite.net/_feed/photo?user_id=xuite.net&album_id=20641189&count=500

Xuite API

Members used to be able to apply for Xuite API keys since 2011 ^[12]. Although new applications were later closed, existing API keys can still be used.

All requests should be accompanied by a signature api_sig derived from the API key and the corresponding 10-digit secret key, but methods with "public" property do not require Oauth 2.0 Authorization from the user.

The signature generation formula is md5(<secret key> + <concatenated parameter values sorted by parameter names>) ^[13].

For example, if the API key is 500e40b862395d8a177d402d43cee9db, the corresponding secret key is 0123456789, and the query parameters are api_key=500e40b862395d8a177d402d43cee9db&method=xuite.photo.public.getPhotos&user_id=photo&album_id=4286795&pw=&start=0&limit=21, the signature should be md5(01234567894286795500e40b862395d8a177d402d43cee9db21xuite.photo.public.getPhotos0photo) = afc87f038f0c538677609eca6b1e7e88.

Non-public APIs

Some methods are designed to be called by AJAX or Flash. These methods do not require the API key.

User information

User nickname: https://my.xuite.net/service/account/api/external/sn_name.php?sn=11731841
User profile: https://blog.xuite.net/_theme/member_data.php?lid=photo

Friend list

Similar to Wretch, the friendship of Xuite is directional. Username discovery can be performed in two directions.

Keyword search

The following methods are derived from the Android App that were on Google Play ^[14].

SQL wildcard characters take effect in the keyword kw.

Search article title: https://m.xuite.net/rpc/search?method=blog&kw=隨意窩&offset=1&limit=30
Search vlog title/description: https://m.xuite.net/rpc/search?method=vlog&kw=謝謝一路有妳陪著我&offset=1&limit=30
Search user_id prefix: https://m.xuite.net/rpc/search?method=account&kw=chris65&offset=1&limit=30
Search user nickname: https://m.xuite.net/rpc/search?method=nickname&kw=中華電信用戶&offset=1&limit=30

Blog AJAX

Blog popularity counter: https://blog.xuite.net/_theme/CountSideExp.php?bid=1600410
Article popularity counter: https://blog.xuite.net/_theme/ArticleDetailCounterExp.php?aid=326198595
Article trackback section: https://blog.xuite.net/_theme/TrackBackShowExp.php?aid=326198595&b_login=xuite.net&b_url=xuite&mid=12084878&bid=1600410&a_author_id=12084878&track_flag=Y&index=
Article comment section: https://blog.xuite.net/_theme/MessageShowExp.php?ver=new&aid=326198595&uid=12084878&bid=1600410&a_author_id=12084878&index=&mid=

Album photo list

The following method derived from https://blog.xuite.net/_service/swf/slideshow.swf returns an XML-encoded list with album thumbnail and photo size. It uses a 10-character check key that is affected by the day of the week.

Media source info

The following methods return an XML-encoded media source info by providing the Base64-encoded MEDIA_ID solely. The FILE_NAME and owner's user_id can be derived from the returned Base64-encoded flv_src.

Media playlist

This API cannot infer the owner of the playlist.

References

↑ 《公告》提醒您！隨意窩將於112年5月1日進唯讀模式
↑ 《公告》MY窩熱鬧登場囉
↑ 《公告》「My窩」功能下架通知
↑ Some articles removed from the desktop version are still accessible in the mobile version, e.g. https://m.xuite.net/blog/xuite.net/xuite/63545423
↑ 《教學》影音 - 影音管理_資料夾管理
↑ 《教學》影音 - 播放清單功能上線
↑ 《公告》隨意窩部分功能將於2017年3月14日異動、終止
↑ 《公告》舊版Flash相簿播放器下架
↑ 《教學》全網工具列－短網址
↑ 隨意窩 Xuite 相簿 - Feed API - 取得相簿列表 API
↑ 隨意窩 Xuite 相簿 - Feed API - 取得相片 API
↑ 《公告》隨意窩Xuite開放API囉，歡迎大家一起來開發自己的應用程式。
↑ https://web.archive.org/web/20210602094928if_/http://api.xuite.net/css/apiSignature.png
↑ Xuite隨意窩 - Android Apps on Google Play
↑ For password-protected videos (e.g. https://vlog.xuite.net/play/V2JSSGNOLTM2Mzg0MzIubXA0 embedded in https://hornydragon.blogspot.com/2011/05/ck-louis-shameless-1.html), the password hash is md5(XuiteVlog + <password>).

External links

[1] 《公告》提醒您！隨意窩將於112年5月1日進唯讀模式

[2] 《公告》MY窩熱鬧登場囉

[3] 《公告》「My窩」功能下架通知

[4] Some articles removed from the desktop version are still accessible in the mobile version, e.g. https://m.xuite.net/blog/xuite.net/xuite/63545423

[5] 《教學》影音 - 影音管理_資料夾管理

[6] 《教學》影音 - 播放清單功能上線

[7] 《公告》隨意窩部分功能將於2017年3月14日異動、終止

[8] 《公告》舊版Flash相簿播放器下架

[9] 《教學》全網工具列－短網址

[10] 隨意窩 Xuite 相簿 - Feed API - 取得相簿列表 API

[11] 隨意窩 Xuite 相簿 - Feed API - 取得相片 API

[12] 《公告》隨意窩Xuite開放API囉，歡迎大家一起來開發自己的應用程式。

[13] ttps://web.archive.org/web/20210602094928if_/http://api.xuite.net/css/apiSignature.png

[14] Xuite隨意窩 - Android Apps on Google Play

[15] For password-protected videos (e.g. https://vlog.xuite.net/play/V2JSSGNOLTM2Mzg0MzIubXA0 embedded in https://hornydragon.blogspot.com/2011/05/ck-louis-shameless-1.html), the password hash is md5(XuiteVlog + <password>).

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]